Other events that might be recorded as part of this mechanism are:Ģ. The details pane will show more info, such as the certificate’s subject name and thumbprint: For example, when a certificate is about to expire (a day before expiration), an event with ID 1003 will be logged under /Applications and Services Logs/Microsoft/Windows/CertificateServicesClient-Lifecycle-System or /Applications and Services Logs/Microsoft/Windows/CertificateServicesClient-Lifecycle-User: This mechanism is part of Windows 8 and Windows 2012, and it creates system events when certain certificate-related things happen.
To make things easier, Microsoft has implemented a new helper mechanism in windows called Certificate Services Lifecycle Notifications. When an IIS site is configured for a certificate, it has to be re-bound when the certificate is renewed, and if you don’t perform this (by going to the site binding dialog, and selecting the new certificate from the certificate drop-down), you ARE going to get some nasty phone calls.
Even if you do get it right, or have your certificates automatically renew, there’s still the issue of certificate rebind. Ultimately, if you’re an efficient fellow, you can try to have all your certificate expire around the same date, or set reminders in Outlook to remind you about the upcoming expiration, but in reality, it’s the sort of things that tend to get missed even by the most experienced engineers. However, the topic of certificate renewal is one that certainly plagues the nightmares of every seasoned system administrator. I think we can forgive that, as he wrote the book in 1726 and websites weren’t as popular as they are today. When Christopher Bullock wrote about the certainties in life in his book The Political History of the Devil, he probably should have added a 3 rd certainty…that your certificates WILL expire and you’ll have to renew them.